PT-2023-29934 · Unknown · Capsule-Proxy

Mtheeren-Asml · Published 2023-11-06 · Updated 2023-11-14 · CVE-2023-46254

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

capsule-proxy versions prior to 0.4.5

Description

A bug in the RoleBinding reflector used by capsule-proxy gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. This introduces an exfiltration vulnerability, allowing the listing of Namespace resources of other Tenants under specific conditions:
  1. capsule-proxy runs with --disable-caching=false, and
  2. Tenant owners are ServiceAccounts with the same resource name, but in different Namespaces.

This issue does not allow any privilege escalation on the outer tenant Namespace-scoped resources, as Kubernetes RBAC is enforcing this.

Recommendations

For versions prior to 0.4.5, upgrade to version 0.4.5 to address the issue. As a temporary workaround, consider setting --disable-caching=true to mitigate the risk of exploitation. Restrict access to capsule-proxy to minimize the risk of exploitation. Avoid using the same ServiceAccount name for different tenants in different Namespaces until the issue is resolved.
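
To check whether a cluster meets the two conditions above, the following added example (not part of the advisory or of the capsule-proxy project) scans Tenant objects for ServiceAccount owners that share a resource name across Namespaces and reads the caching flag from the proxy arguments. It assumes owners sit under spec.owners with kind and name fields and that ServiceAccount owner names use the form system:serviceaccount:<namespace>:<name>; the function names and sample tenants are constructed.

```python
import json
from collections import defaultdict

SA_PREFIX = "system:serviceaccount:"

# Constructed sample in the shape of `kubectl get tenants -o json`,
# trimmed to the fields read below. All names are made up.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "oil"}, "spec": {"owners": [
   {"kind": "ServiceAccount", "name": "system:serviceaccount:team-a:deployer"}]}},
 {"metadata": {"name": "gas"}, "spec": {"owners": [
   {"kind": "ServiceAccount", "name": "system:serviceaccount:team-b:deployer"}]}},
 {"metadata": {"name": "solar"}, "spec": {"owners": [
   {"kind": "ServiceAccount", "name": "system:serviceaccount:team-a:ci"},
   {"kind": "User", "name": "deployer"}]}}
]}
""")

def split_sa(owner_name):
    """Return (namespace, name) for a ServiceAccount username, else None."""
    if not owner_name.startswith(SA_PREFIX):
        return None
    parts = owner_name[len(SA_PREFIX):].split(":")
    return tuple(parts) if len(parts) == 2 and all(parts) else None

def colliding_sa_owners(tenant_list):
    """Map each ServiceAccount name that owns different tenants from more than
    one namespace to {namespace: [tenant, ...]} (condition 2 of the advisory)."""
    seen = defaultdict(lambda: defaultdict(set))
    for tenant in tenant_list.get("items", []):
        for owner in tenant.get("spec", {}).get("owners", []):
            sa = split_sa(owner.get("name", ""))
            if owner.get("kind") == "ServiceAccount" and sa:
                seen[sa[1]][sa[0]].add(tenant["metadata"]["name"])
    return {name: {ns: sorted(t) for ns, t in by_ns.items()}
            for name, by_ns in seen.items()
            if len(by_ns) > 1 and len(set().union(*by_ns.values())) > 1}

def caching_setting(args):
    """Return 'enabled', 'disabled' or 'unset' from capsule-proxy arguments."""
    for arg in args:
        if arg in ("--disable-caching", "--disable-caching=true"):
            return "disabled"
        if arg == "--disable-caching=false":
            return "enabled"
    return "unset"

if __name__ == "__main__":
    print(colliding_sa_owners(SAMPLE))
    print(caching_setting(["--disable-caching=false"]))
```

A non-empty result from colliding_sa_owners together with caching reported as enabled on a capsule-proxy older than 0.4.5 matches the conditions the advisory lists.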

Exploit

Fix

Information Disclosure


Weakness Enumeration

Related identifiers

CVE-2023-46254
GHSA-6758-979H-249X

Affected products

Capsule-Proxy